Spyware.TotalSpy

Spyware.TotalSpy

Updated:
08 May 2006
Risk Impact:
Low
Systems Affected:
Windows

Behavior

Spyware.TotalSpy is a spyware program that monitors user activity including visited URLs, logged keystrokes, and also captures screenshots.

Antivirus Protection Dates

  • Initial Rapid Release version 02 October 2014 revision 022
  • Latest Rapid Release version 01 February 2015 revision 020
  • Initial Daily Certified version 08 May 2006
  • Latest Daily Certified version 07 January 2013 revision 017
  • Initial Weekly Certified release date 10 May 2006
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Spyware.TotalSpy is a spyware program that monitors user activity including visited URLs, logged keystrokes, and also captures screenshots.

When Spyware.TotalSpy is first installed, it creates the following files:
C:\Program Files\TS Trial\conf.dat
C:\Program Files\TS Trial\ctfmon.exe
C:\Program Files\TS Trial\ver.dat

The risk also creates the following folders:
C:\Program Files\TS Trial\daily_log_files
This folder contains the log files for all the keystrokes logged.

C:\Program Files\TS Trial\daily_visited_urls
This folder contains the log files for all the URLs visited.

C:\Program Files\TS Trial\spy_screenshots
This folder may contain other folders which contain the screenshots taken by the threat.


The risk then creates the following registry entry so that it runs every time Windows starts:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"ctfmon.exe" = "C:\Program Files\TS Trial\ctfmon.exe"

The risk then monitors user activity on the compromised computer, logs keystrokes, and captures screenshots.